Privacy statement

Privacy Statement Shopfeedback Version May 2023

1. Introduction

This privacy statement had been prepared for Q&A (see article 2 for definitions), established in Amersfoort at the address: Koningin Wilhelminalaan 21. The procuct/service ‘Shopfeedback’ (as well as the website are part of Q&A Insights BV.

2. Definitions

Unless otherwise expressly provided below, the terms used in this statement, will be used in the sense that General Data Protection Regulation (here in after: ‘GDPR’) gives.

Q&A: Q&A Consultancy BV (kvk 65015061), Q&A Insights BV (58913009).

Personal Data: all information regarding an identified or identifiable natural person (data subject).

Processing of Personal Data: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

3. Scope

This Regulation shall apply to all processing of personal data within Q&A, other than the personal information that individuals/consumers have given in the capacity of individual/consumer.

Q&A will take care of complying with applicable laws and regulations concerning privacy among which the General Data Protection Regulation (GDPR).

Cookies are used on the sites of Shopfeedback ( and Q&A ( You can read more information about the cookies used by us in the cookie policy.

4. What personal data do we process?

Q&A processes:

  • contact data like surname, last name, company name, job title, telephone number (mobile) and business and/or private emailaddress, country;

5. For what purposes do we process the personal data?

  • for the purpose of issuing proposal
  • for the purpose of building a client database
  • for the purpose of concluding and executing agreements
  • for the purpose of inviting persons for seminars/events/tours
  • for the purpose of sending information about new products/services
  • for the purpose of sending mailings/newsletters
  • for the purpose of making/sending invoices
  • for the purpose of processing payments
  • for the purpose of activating and using an account on

6. Lawfulness of processing ?

Our processing of the personal data shall be lawful because of:

  1. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, or:
  2. The data subject has given consent to the processing of his or her personal data for one or more specific purposes; The data subject has the possibility to withdraw his or her given consent.

7. Who processes the personal data?

The personal data will only be processed by employees of Q&A insofar as this is necessary for the performance of their duties.

In the case of organising events or retail tours/study trips, it is possible Q&A uses other organisations/subcontractors for the purpose of (among other things) making batches for the people present at the event or for booking overnight stays or flight tickets. In that situation Q&A will hand over the personal data necessary for making the batches or booking the overnight stays etcetera to these organisations. Q&A will inform you which subcontractors she will use, what personal data will be shared with them and for what purpose they will be shared.

The personal data will only be processed, as far as they are, given the purposes described in article five, sufficient, relevant and not excessive.

Q&A will keep confidentiality about the personal data from which she takes note, unless insofar as any legal regulation obliges her to communicate or if the task of the responsible employee results in the communication of the data.

8. Access to personal data

Q&A stores personal data among other things in personal Outlook/exchange boxes, in a CRM system, developed by Q&A and in Excel databases per event. Each employee has access to his/her personal Outlook/exchange system, to the CRM software program and to the Excel databases. The personal assistants also have access to the personal Outlook/exchange boxes of the Managing Director.

Q&A uses external cloud servers of Exonet located in the Netherlands and/or cloud servers of Microsoft located in Europe for the storage of data. Each user of personal data has a confidentiality obligation with regard to the data he or she has authorized access to.

9. Security of personal data

Q&A will take technical and organizational security measures to prevend unauthorized access or unauthorized use of personal data.

Q&A confirms to the obligation to report data leaks.

10. Providing personal data to third parties

Q&A won’t provide your personal data to third parties, unless you have given her the necessary permission or unless Q&A is obligated to provide personal data by law or a court decision or if such provision is at the service of the purposes of processing the personal data. We will conclude a processor agreement with companies that process your personal data in our assignment in order to accomplish the same level of security and confidentiality of your personal data. Q&A will stay responsable for these processing activities.

In the case Q&A organizes events where you attend as a participant and where sponsors are involved, Q&A will in most cases provide the sponsors a list of the company names of the participants. Other (personal) data such as your email address/first and last name/telephone number/job title/corporate address/country etc. will only be shared with these sponsors/third parties with your specific permission. The purpose of sharing the data will always be mentioned.

11. For how long will the data be stored?

The general storage period for Q&A is 5 years. If the storage period is shorter in specific cases, Q&A will indicate this per specific case. However, if legal storage periods deviate from the two previous sentences, Q&A will adhere to these legal storage periods.

12. Amendments to this Privacy Statement

Q&A reserves the right to amend this Privacy Statement. It is advisable to consult this Privacy Statement on our website on a regular basis to stay up to date on these amendments.

13. Rights of the data subject

You can execute the rights granted to you under GDPR concerning your personal data (among which: the rights on information and access, rectification, erasure, restriction, the right to be forgotten, dataportability and the right to object and the right not to be subjected to automated decision-making) by contacting Sandra Jonker (

We then ask you to prove your identity, on the basis of a valid identification. That way we can check if we provide the personal data to the right person.

Excessive requests in relation to the provision of information may be rejected by us. Excessive requests occur when, for example, you approach us on an above average and unnecessary number of times with information requests.

14. Complaints

Any complaints about this statement you can indicate to your own contactperson or to: (Sandra Jonker).

You also have the right to file a complaint to the Supervisory Authority. The ‘Autoriteit Persoonsgegevens’ supervises compliance with the legal rules for the protection of personal data. You can contact the Authority:
Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30 2594 AV Den Haag